SANS Penetration Testing Blog
April 29th, 2014
This is really kool stuff Ed Skoudis and Kevin Fiscus, both SANS instructors, are talking about my parser. I have been working on a new version, I guess this is a sign I need to get working harder:)
Data, Data, Everywhere What to do with Volumes of Nessus Output
Because it is the best Nessus parser out there. 🙂 I use it all of the time. Keep up the good work and look forward to the new version. Can you give an update what the new version will include? Thanks in advance!
Here is a short list..
1. Autorun parsing
2. OWASP Top 10
3. Detection Plugin Summary
I have run into a problem with very large(1-2G) nessus files, with the script running out of memory. I realize perl eats whatever memory you have available, but other than getting a system with greater than 8G of memory(what it has now) is there anything that can be done to remedy this problem?
Right now, anything over 1 Gig dies due to memory issues.
Would there be a way to add a field/report section that could give me the age of the different levels of vulnerabilities?
I know there’s a patch_publication_date field.
What would be great to see (for mgmt reporting) would be the percentage of vulnerabilities < 30 days old, 30-60 days old and maybe +90 days. or something along that line.
First of all great application, I’ve just come across it.
I have a question, and it may be just a case of me not delving deeply into the reports, but for your Critical, High, Medium and low tabs you have not included the IP address column. From a remediation point of view would you not think it would be beneficial to home in on the most vulnerable items on the network.
I saw this page while looking for ways to streamline my reporting from Nessus. I tried using the tool installing the dependencies but I keep getting this error.
################################################################################
NESSUS PARSER V0.20
################################################################################
Creating Spreadsheet Data
Preparing Hosts Data
Finished Parsing XML Data
Create General Vulnerability Data
Creating Policy Compliance Data
Creating Nessus Report Spreadsheet
Can’t call method “add_worksheet” on an undefined value at parse_nessus_xml.v20.pl line 1443.
Anyone have any ideas?
Want to add to the praise; I can’t even count how much time this tool has saved me!
Really appreciate it, simply an excellent effort.
Where does one go with “bugs”? I’ll be very happy to find out I’ve got user-error-itis if that’s the case.
I’m passing an explicit file with -f, path enclosed in “”.
The first part of the script’s logic declares the file valid in format terms, then says “No such file or directory – /path/to/file.nessus at ./parse_nessus_xml.v20.pl line 808”
Help?
This is a limitation in perl itself just running out of memory. I have been able to run on a 1 GB data sets, so try to keep it under 1GB.
In parse_nessus_xml.v21.pl, release date 20 Oct 2014, the plugin release dates are part of the columns.
IN the new version “parse_nessus_xml.v21.pl” there is a table with this data.
Did you ever get this to work?
Try without spaces in the name.